Allscripts Milestone Points to Industry Shift to Streamlined Records Processing

“The Times They Are-A Changin’……” Can’t you just hear Bob Dylan singing right now? ….We’re sorry for that!

As evidence of the rapidly evolving healthcare space, DataFile Technologies partner Allscripts just announced eChart Courier hit a major milestone with the exchange of 10 million medical records since inception in 2015.  This news spells more opportunity for practices to streamline back office health information management (HIM) functions.

Allscripts eChart Courier service helps physician practices automate the appropriate sharing of medical records with affiliated health plans. It encrypts and electronically delivers the medical record to the payer, streamlining the reimbursement timeline by sending the required information quickly. The service is available to health care providers at no charge. As a complement to Allscripts eChart Courier, DataFile offers a niche solution for release of information for medical records services.

Hitting the milestone of exchanging 10 million records electronically is a significant accomplishment for eChart Courier and offers a substantial integrity and labor savings for providers. And it’s just scratching the surface of opportunity for practices that want to gain efficiency and eliminate HIPAA liability.

“There are 100+ million records being requested of providers annually, and 90% of them are still being exchanged via traditional paper or analog faxing methods,” said Janine Akers, CEO of DataFile Technologies. “These legacy methods do not offer discreet or structured data to be exchanged effectively and can cause unnecessary issues and inefficiencies.  Allscripts is paving a path of interoperability that benefits patients, providers and payors alike.”

Providers face a number of challenges in today’s healthcare landscape. From ballooning regulations and overhead costs to labor and staffing, running an efficient medical practice can be difficult. DataFile and Allscripts eChart Courier services combine to make it possible for organizations to save money, reduce HIPAA risk and maintain an efficient practice that is able to offer exemplary patient care.

At DataFile, we commend Allscripts for their commitment to offering ways for providers to lower the costs and liability associated with running a practice. As the demand for technology and advanced solutions continues to grow in healthcare, DataFile is proud to partner with EHR companies such as Allscripts that address client needs through turnkey options and allow for a renewed focus on patient care.

To learn more about how DataFile compliments Allscripts and eChart Courier, join us for an upcoming webinar or contact us today.

HEDIS Review Season is Here… Let Us Help!

With healthcare reform, HEDIS measurements are how we communicate quality care and these metrics are now published online. Is your organization ready for this level of transparency?  In this recorded webinar, Kathryn Ayers Wickenhauser shares advice to help you alleviate the stress and burden that comes with the HEDIS review and audit season. During the webinar, she map out the best strategies going forth for your practice, so everyone feels confident and ready to cruise through the upcoming audit season with DataFile as your partner! 

Did You Know? DataFile Technologies & HEDIS: In 2016, DataFile Technologies processed requests for tens of thousands of patient chart reviews and audits. We handle the HEDIS review process for many clients. Can we help you too? Listen in to this recorded webinar to learn how easy it is to “Defer to DataFile” and let us handle this stressful task for you!


“On Your MACRA, Get Set, GO!” Webinar Wrap-Up

On behalf of Ben Bull, Kathryn Ayers Wickenhauser, and myself, we enjoyed our time discussing MACRA and the Quality Payment Program with webinar attendees from across the country!

Kathryn shares a few additional thoughts from yesterday’s discussion:

“Thank you for joining me for “On Your MACRA, Get Set, Go!”.  I hope you found the information beneficial and are able to apply it to your individual practice.  The Quality Payment Program, including MIPS, will certainly continue to challenge healthcare organizations for 2017 and beyond as a means to illustrate increased quality and decreased costs in the ambulatory realm.  As I’m sure you picked up on, the Quality Payment Program is incredibly flexible and personal to each organization.  If you are interested in additional assistance navigating this new era in healthcare, please do not hesitate to reach out to me.  Additionally, please take advantage of our demo offer through 1/31 for a 30 minute MACRA analysis with yours truly! Thank you again for joining, and have a great start to 2017″

The webinar recording is now available! Please click here to access.

As you review this information shared yesterday, I also encourage you to take advantage of our complimentary consultation with Kathryn, by booking a demo of the DataFile HIM solutions. You’ll learn more about our time-saving solutions… and get more specific information on MACRA for your organization..a win, win! Email us today to book yours!
I hope to see you on another DataFile webinar…soon!


Office of Civil Rights HIPAA Audits Advance

On Monday July 11th, the Office of Civil Rights (OCR) HIPAA Audits took a step forward in their anticipated program when over 150 Covered Entities were notified of their selection for participation in a “desk” or remote audit.  The selected entities are required to submit documentation by Friday July 22nd, just ten business days following notification.  Additional phases of these OCR Audits will occur in 2016.

Have questions about these Audits?  Want assistance preparing in case you are selected?  Check out our free webinar regarding OCR Audits:  or email Healthcare Consultant Kathryn Ayers Wickenhauser at


As your Healthcare Data Expert partner, DataFile will continue to alert you to any impactful industry news.

Webinar Recording Available: “The OCR Audits are Coming”

Did you miss today’s webinar? No fear, the recording is available for your reference as we look ahead to upcoming OCR Phase Two Audits!audit

Keep in mind, the Office of Civil Rights (OCR) Phase Two Audits don’t have to be scary! The OCR has been fairly transparent about what these 200+ audits over the next six months will look like. The awareness of these Phase Two Audits picked up steam on May 20th, 2016 as more than 12,000 healthcare entities were contacted to verify their primary contact information.

The OCR is using the email address to reach out to healthcare entities to verify contact information.  If your organization has not received an email yet, continue to watch your spam filter to ensure you do not miss communication.

Have questions?  Looking for additional guidance?  We offer services to help prepare you if your organization is selected! Learn more or contact us at

Ready to hear more about these Phase Two Audits from Kathryn Ayers Wickenhauser? Please access the webinar by completing the form below:

Webinar: The OCR Audits are Coming

Recording from June 6th, 2016

“Right to Access” — Updated OCR and HHS HIPAA Guidance



After the March 23 webinar on this important topic, clients still had very specific questions about the new, additional guidelines. Here are some of the Q&A for your review.   

On February 25th, 2016, the Office of Civil Rights (OCR) and Health and Human Services (HHS) released a FAQ document providing additional guidance on existing regulations regarding a patient’s “right to access” their health information. This guidance centered around three main points: the acceptable delivery formats based on the request type, a reasonable cost-based fee may be charged for records and the right for the patient to direct their health information be sent to a third party.

In an effort to share information regarding this FAQ, DataFile hosted a webinar for our clients on March 23, 2016. The webinar may be viewed here.  Please note that the information provided in the webinar and this post is not intended to be nor should be considered as legal advice.

A high-level overview of the main guidance of the FAQ includes:

  1. Delivery formats of PHI
    • Covered Entities (CE) and Business Associates (BA) should make a strong effort to fulfill the records in the format requested by the patient
    • If records are maintained electronically, it is expected that the CE or BA can fulfill a request for records to be delivered electronically. At a minimum, CE and BA organizations should be able to provide records delivered via email. Unencrypted email is an acceptable means of electronic transmission if and only if the patient has acknowledged the inherent risks of unencrypted transmission.
  2. Reasonable, cost-based fee for information
    • For electronic copies of health information maintained electronically, a maximum charge of $6.50 applies.
  3. A patient’s right to direct their health information be sent to a third-party
    • “Right to Access” applies when a patient requests that their health information be sent to a third party.
    • “Right to Access” does not apply when the third party initiates the request.

Here are a sampling of questions we received as a result of the March 23rd Webinar:

Q: Are we required to fulfill ROI requests within a certain time period?

A: Yes, this guidance outlines that requests should be processed in a maximum of 30 days, unless there are extenuating circumstances that are explained to the patient.  However, the guidance clarifies that because health information is more readily maintained in an electronic format, the OCR and HHS believe that processing the requests should occur much more quickly than the allotted 30-day period.

Q: Do states have a stricter rule that would prohibit us from sending PHI using an unsecure e-mail?

A: The guidance specifies that “Right to Access” defers to wherever the patient has the most access to their records.  As such, this guidance allows for records to be sent in an unencrypted manner with the patient’s acknowledgement of the risks.  Because the guidance perhaps provides more access than state-specific laws, the CE and BA should follow the guidance from the OCR and HHS.  However, if a state law provides more access to health information for a patient, in those cases the CE and BA should follow their state-specific laws.

Q: Our practice currently doesn’t send PHI via email because we have a patient portal.  Do we have to send it via email if the patient requests?

A: “Right to Access” specifies that if a patient requests their records be delivered in a certain format, the CE or BA should make every reasonable attempt to deliver the records in the requested format if possible.  The guidance does reference that CE and BA organization should have access and be able to deliver records via email if requested.  The OCR and HHS acknowledge than an exception may occur if the file size is too large to send by email.  At that point, the CE or BA may work with the patient to determine another appropriate means to deliver the information.

Q: Will DataFile email records if they are requested to be provided that way?

A: Yes, DataFile will email records if the patient requests their information be delivered via email.  As your Healthcare Data Expert partner, we act as an extension of your practice and have every intention of following along with your policies for email.  We prefer and have the means to send the records in an encrypted format, but if the patient requests the records be sent via unencrypted email, we will work with you to share our best practices and implement a policy on your behalf for the patient’s acknowledgement.

Q: Although our email is secure, we can’t be certain the receiver’s email is secure.

A: Yes, that is correct.  The guidance acknowledges that there are inherent risks in sending email, and specified that CE and BA organization address these risks in their Security Risk Analysis.  If the patient requests that the email be sent unencrypted and acknowledges the possible risks which could occur in transmission or upon delivery, the CE or BA is relieved of the liability if an incident were to occur following hitting the “send” button.

Q: What about the per page fee associated with many state laws? Will DataFile still charge a per page fee?

A: DataFile will only charge a per page fee in instances in which the request for records does not originate from the patient or if records are requested to be provided to a recipient in a non-electronic medium.  The recent FAQ establishes that these instances allow the charge for a reasonable, cost-based fee to patients and the state-based fees to other requestors.

Q: Is the $6.50 maximum fee a recommendation or a law?  If a law, does it overrule state guidance regarding cost of ROI processing?

A: The $6.50 maximum is for electronic records requested to be provided electronically.  This maximum is a clarification of previous legislation from the OCR and HHS and essentially should be treated as a law.  “Right to Access” defers to the legislation that provides the greatest means for accessing records.  That means if there is state legislation authorizing patient copies of their health information should be provided at no cost, the CE or BA should defer to that guidance rather than the $6.50 maximum.

Q: How does $6.50 take into account the need for quality and accuracy in terms of checking records over to insure the information is accurate and for that patient?

A: In short, it doesn’t.  The $6.50 maximum for electronic copies of records maintained electronically is inclusive of all labor and supplies.  The OCR and HHS offer guidance that the labor cost does not include “reviewing the request for access,” nor “searching for, retrieving, and otherwise preparing the responsive information,” nor reviewing the records “to identify the PHI that is responsive to the request and to ensure the information relates to the correct individual and to segregate, collect, compile and otherwise prepare the responsive information.”  In other words, once those steps listed above are complete, the labor costs can initiate.

Q: Is this presentation available to print?

A:  Yes, you can find a PDF of the slides here.

Stay tuned.  DataFile will have ongoing information on this important topic.  We thank you for your outpouring of support on this new development.

Webinar: “Right to Access” – Updated HHS HIPAA Guidance



DataFile Technologies hosted an informational webinar for clients on Wednesday, March 23, 2016 at 1:00pm CDT regarding Health and Human Services’ recently issued additional guidance in the form of a FAQ regarding patients’ rights to access their health information under the HIPAA Privacy Rule.

The webinar provided a broad overview of the information contained in the FAQ.

Kathryn Ayers Wickenhauser, HIPAA Compliance Consultant and Gary Powell, Compliance Officer, both of DataFile Technologies, dissected the FAQ guidelines and discussed ways these additional guidelines may affect clients’ release of information processes.  More specifically, the webinar reviewed guidance on the format in which a patient may request and receive their health information, as well as the methods to determine appropriate costs for the release of information service.

“While we are all still learning what these additional guidelines mean to our clients, our goal is to help all providers be better prepared to utilize this guidance as it applies to their release of information process so they may remain compliant with the HIPAA Privacy Rule,” says Ayers Wickenhauser.

If you were unable to attend the live webinar hosted by DataFile or want to share this information with others within your organization, please click here to access the webinar.